The analyst firm Radicati has taken a close look at the market for software products for data loss prevention (DLP). The CEO of e3 AG, Thomas Fürling, comments on the results.
In a report, The Radicati Group compares nine solutions for data loss prevention (DLP) in terms of functionality, market presence and future viability. The result is shown in a quadrant similar to Gartner's.
The Swiss e3 AG is the global specialist for data loss prevention. The founder and CEO Thomas Fürling complements the assessments of the Radicati analysts with a Swiss perspective and makes some general statements more precise.
The report "Data Loss Prevention – Market Quadrant» can be downloaded free of charge from the Broadcom website. The reason: Symantec's parent company supplies the market-leading DLP application.
Strong demand for DLP
The analyst firm Radicati expects strong growth in DLP solutions. The global market volume is expected to almost triple by 2027. “That is quite realistic. Because there are still many companies that don’t have a solution yet,” comments Fürling. According to him, financial and pharmaceutical companies in particular are doing well. The insurance industry is currently evaluating solutions. Healthcare, trade and industry are still at the very beginning, while the automotive industry is currently “experimenting”. “When it comes to public administrations, we are even starting on a ‘greenfield site,’” reports the e3 expert.
According to Fürling, regulation continues to be a growth driver in the Swiss market for DLP solutions. For example, the Swiss Financial Market Supervisory Authority FINMA requires Swiss banks to use a DLP application. He adds that the frequent cyber incidents in the recent past have prompted authorities and the healthcare sector to actively engage with DLP.
When looking at the providers, the e3 CEO sees Microsoft on the winning track. The US manufacturer's solution rides on the wave of success of Microsoft 365, which is currently enjoying great popularity.
The true cost of DLP
With Symantec, Forcepoint, Trellix and Microsoft, Radicati lists four solutions supported by e3. Fürling considers the analysts' assessments of the strengths and weaknesses of the four applications to be largely correct. However, he warns that a DLP solution is more than just channel coverage and search options. The expert names incident management as the largest cost factor, which is responsible for 60 to 70 percent of the running time costs. “Most products still have potential for optimization when it comes to incident management,” emphasizes Fürling.
The analyst report lacks a detailed description of the reporting functions of all solutions, according to the expert. They are also poorly developed for all applications. This could lead to large financial expenses, particularly in countries with high wage costs – such as Switzerland. According to Fürling, outsourcing is less sustainable because, on the one hand, regulations could change and, on the other hand, cheaper locations become increasingly more expensive. Instead, he recommends automation, which is sustainable and would pay off in the long term.
DLP solutions in detail
Symantec: the market leader
The provider Broadcom with the purchased Symantec applications is described by Radicati as the market leader. Fürling shares this opinion and adds: “Symantec practically always offers the cheapest prices. However, Symantec requires an Oracle database, which involves additional costs and (personnel) effort.” However, many, especially smaller companies with up to 1000 employees, wanted to dismantle Oracle, which would mean that Symantec would no longer be the first choice. The e3 expert sees a plus point in the fact that Symantec has so far committed itself more strongly than any other manufacturer to further promoting on-premises installations.
Forcepoint: number two
Radicati ranks Forcepoint's solution right behind Symantec. According to the DLP specialist e3, the two applications are even closer together. «Forcepoint is currently undergoing the most further development. The integration of the cloud solution 'Forcepoint One', based on the former CASB Bitglass, is particularly promising. The integration should soon be at Symantec level,” says Fürling.
The report doesn't give enough credit to Forcepoint's strengths in the area of user risk. The previously close collaboration with the BoldonJames classification solution has been dissolved and another solution has been integrated. This positive development is also missing from the analysts' assessment, says Fürling.
Forcepoint's weaknesses include limited support for Linux enpoints and multi-tenant environments. The former is rarely a customer requirement, says the expert, which means it can't be described as a disadvantage. This also applies to multi-tenancy, which can only be implemented with a lot of experience and additional products for all solutions.
Trellix: unwarranted criticism
The number three in the market is the DLP from McAfee – now Trellix. Radicati also rates this solution as a market leader. The e3 CEO knows that Trellix is very popular with various customers in Switzerland. However, acquiring new customers is difficult.
Trellix has received criticism from analysts for the fact that the OCR (Optical Character Recognition) does not work on the endpoint. The Swiss expert comments on this: “OCR on the endpoint is also not possible with the market leader Symantec, for example. However, the computationally intensive character recognition is typically only done on servers.”
Fürling can confirm Trellix's shortcomings in management and usability. However, if a company has skills, Trellix can be used to work more adaptively in complex infrastructure situations than with other solutions. One advantage of Trellix that is worth highlighting and does not appear in the analyst report is its single-agent implementation. Here the expert expresses the hope that it will remain even after the separation from McAfee. The classification solution praised by analysts, however, is more suitable for more modest requirements. After all, it's basically free.
Fortra: Niche solution in Switzerland
According to Radicati, the fourth market-leading provider is Fortra Digital Guardian. The application is a niche solution in Switzerland, which is why e3 does not have it in its portfolio. Fürling knows: “Digital Guardian has long had the advantage that its endpoint is much more deeply integrated than its competitors. That made cool features possible, but compromised stability.” Fortra is now faced with the challenge of integrating the acquisitions of BoldonJames, Clearswift, Titus, Vera, etc. into a homogeneous, stable overall solution. If this were to succeed, the expert is convinced that a very strong overall product would be created. But then Fortra still has to open up the cloud world.
Microsoft: the whiz kid
Radicati only classifies Microsoft as a “specialist” with a limited range of functions. While e3 agrees with the limited features, there is definitely a contradiction in terms of market presence: “Microsoft's DLP solution is coming onto the market like a fast train, driven by the rollouts of Microsoft 365. Customers have the feeling that an integrated solution is better or cheaper. “But this appearance is deceptive,” warns Fürling. A good solution is no cheaper from Microsoft than from other manufacturers. Rather, Microsoft delivers a simple solution that focuses primarily on teams, email and the endpoint. Although it is actually quick to set up, it does not offer all-round protection. For internationally active companies that have a Microsoft 365 tenant, there is the additional challenge of addressing this internal multi-tenancy. However, the DLP specialists have observed that Microsoft is developing quickly, which partially affects the stability of the solution. Nevertheless, the programmers in Redmond did a good job, so Microsoft will quickly catch up in terms of functionality.
Today e3 recommends Microsoft DLP especially for larger customers and primarily in combination with another DLP solution. The lack of coverage of the web channel is critical and is better addressed by the applications of market competitors.
The gaps in all DLP solutions
In times of home office and remote work, Microsoft Teams has become synonymous with professional chats and virtual meetings. Sensitive information is often shared via the various Teams channels. A DLP would have to be vigilant here and point out their transgressions to Teams users who are being too funny. Microsoft’s DLP does that too – to some extent. Fürling explains: “Chat is the killer app. Microsoft does not officially support interception, although the web channels actually could. However, a DLP is not allowed to remove the message itself, but must replace it with a warning such as “blocked by DLP”. Otherwise, teams will try to resend for a long time, which can then lead to multiple events. Here e3 sees the regulator as having a duty to demand a DLP-compatible interface for Teams from Microsoft.
Fürling misses efficient data protection with permitted cloud solutions for all manufacturers without exception. They are typically whitelisted by the DLP and CASB (Cloud Access Security Broker) solutions and the data traffic is then not monitored. However, if the provider is attacked, the channel to the customers is open. The e3 recommends: Encrypt not only the files, but also the application data.
Ultimately, DLP providers must also get closer to the methods of artificial intelligence and quickly deliver suitable protective measures, warns Fürling. The hunger for data from AI solutions is huge and the trained models can no longer be discovered using conventional search patterns. An AI-powered DLP would address the threat and give control back to the data owner.
